A cybersecurity study sponsored by the defense contractor Raytheon and carried out by the Ponemon Institute is shedding some light on the concerns of top-level InfoSec professionals. Entitled 2018 Study on Global Megatrends in Cybersecurity, the study was (according to the researchers) intended to fulfill the following goal:
Help organizations better understand the changes occurring in the cybersecurity ecosystem that will impact their security posture over the next three years and to elevate the urgency for action when it comes to protecting organizations from cyber threats. According to the research, over the next three years, cyber extortion or ransomware attacks will increase in frequency, as will nation-state attacks and cyber warfare.
The cybersecurity study was conducted by polling “more than 1,100 senior information technology practitioners from the United States, Europe, and the Middle East/North Africa region” to gauge what they believe is going to affect the cybersecurity community in the years to come.
While it is impossible to fully cover everything found in the study (which I recommend reading for yourself), there were numerous statistical takeaways that I will mention here. The first of these is that 80 percent of the polled individuals believe vulnerable IoT devices will lead to a “catastrophic” data breach in their organization. This is not surprising at all to me, as IoT has proven to be a wealth of exploitable vulnerabilities for hackers for quite some time. From massive botnets like Mirai to countless other instances, the more devices that join the IoT, the more likely it is that just one poorly secured device will bring down an entire network.
Some points noted in the study I have mentioned before in my articles, like the ensured increase in ransomware attacks and cyberwarfare via nation-states, but there are rather disturbing and, in my opinion, connected statistics that require analysis. The study reports the following stats:
- Less than half of respondents feel they are equipped to deter a major cybersecurity incident
- Only 36 percent of the polled experts believe that their senior management treats cybersecurity as a "strategic priority"
- 54 percent of professionals state that their business will keep a stagnant and declining cybersecurity policy, with 58 percent believing that staffing problems will worsen
I consider all these statistics connected as they all stem from issues in upper management. This is a problem that I have discussed numerous times in the past and it is undoubtedly going to persist in the future. For reasons that never really seem to make sense to many in the InfoSec sphere, high-level executives have a tendency to tie our hands with poor policy and a lack of support to make the decisions that could stop major data breaches.
The monetary bottom line is often cited: there isn’t “room in the budget” to improve various cybersecurity methods. The reality, however, is that a massive incident where sensitive data is lost or used nefariously is going to cost a company far more than preventative measures ever could. It is up to cybersecurity professionals to continue to make the case and put pressure on high-level executives. This pressure must increase until they give those in charge of the safety of data belonging to employees and the business the means to combat cyberattacks.
This cybersecurity study and others like it are invaluable as they truly take the pulse of the current InfoSec community and gauge how ready we are vs. how ready we think we are.